#!/usr/bin/env bash
# ---
# @file_name: mullvad_tailscale.sh
# @version: 1.0.0
# @description: Installs mullvad nft rules
# @author: Jamie Albert (empty_produce)
# @author_contact: <mailto:empty.produce@flatmail.me>
# @license: GNU Affero General Public License v3.0 (Included in LICENSE)
# Copyright (C) 2025, Jamie Albert
# ---

# ---
# shellcheck disable=1091
# --
#!/usr/bin/env bash

set -euo pipefail

setup() {
	. /usr/local/share/dao/config/dao.conf
}

wait_for_network() {
	echo "[i] Waiting for network connectivity..."
	local max_attempts=30
	local attempt=1

	while ! ping -c1 -W1 nasa.gov >/dev/null 2>&1; do
		if [ $attempt -ge $max_attempts ]; then
			echo "[e] Network not available after ${max_attempts} attempts"
			exit 1
		fi
		echo "[i] Attempt $attempt/${max_attempts}: Network not ready, waiting 2 seconds..."
		sleep 2
		((attempt++))
	done
	echo "[i] Network connectivity confirmed"
}

nft_mullvad() {
	echo "[i] Applying firewall rules..."
	if sudo nft -f "$DAO_USER_HOME/.config/dao/firewall/mullvad_tailscale.conf"; then
		echo "[i] Firewall rules applied successfully"
	else
		echo "[e] Failed to apply firewall rules"
		exit 1
	fi
}

main() {
	setup
	case "${1:-}" in
		--enable)
			wait_for_network
			nft_mullvad
			;;
		*)
			echo "Usage: $0 --enable"
			exit 1
			;;
	esac
}

main "$@"